Originally Posted by jragosta
I wonder how good this number is.
They're now saying that the number is 230,000 to 270,000: http://www.techweekeurope.co.uk/news...sh-botne-72458
Now, one of two things has happened:
1. Apple has somehow managed to reduce the number of bots by 60% even though they haven't released any software to fix it
2. The numbers are nothing more than guesswork and have no validity
I think #2 is far more likely.
It's not "guesswork" - it's straightforward arithmetic. Set up a false command server and count the number of bots that check in. The method used to track the number of declining infections is the same method used to figure out the initial infection rate. I've asked in another thread and I'll ask here - what's wrong with this method? No one yet has explained why this method is flawed. Since you can't knock down the method with actual reasons, you just resort to asserting that it has "no validity" - no explanation why it's not valid, it just isn't valid.
Honestly, I cannot believe the cherry-picking going on here, the obstinate refusal to believe facts that you don't want to believe, reality, logic and consistency be damned. It's like every cliched stereotype of a deluded Apple fanboy come to life.
As for what accounts for the drop in the figure, there's also option 3 - that some of the reduction isn't due to trojans being removed yet but to their being blocked from checking into the command servers by DNS blocks set up by providers such as OpenDNS (OpenDNS has announced that they are blocking access to the trojan's command servers, preventing infected computers from communicating and receiving new instructions and code). I would think that the security firms are making sure that DNS blocks aren't being applied to their fake servers so that they can continue to track this botnet accurately, but given that Apple apparently misidentified a fake server as a real one and tried to take it down, you can't discount the possibility.
For those who are curious about the details of the trojan and how it's being tracked, go to Symantec's blog post on the topic. They've set up their own command servers - just like Kaspersky and Dr. Web - and are monitoring the botnet: http://www.symantec.com/connect/blog...ns-down-270000
And Symantec has released their own free Flashback detection and removal tool: http://www.symantec.com/security_res...041214-1825-99
Now there are 3 removal tools from 3 of the biggest security firms out there - Symantec, Kaspersky and F-Secure. All of them are free.